Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0440

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0440
Last Modified 05 Sep 2008 04:59:16
Published 26 Jan 2006 05:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0440

Summary

Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.

Vulnerable Systems

Application

  • Text Rider 2.4


References

MISC - http://evuln.com/vulns/46/summary.html

BUGTRAQ - 20060124 [eVuln] Text Rider Sensitive Information Disclosure

SECTRACK - 1015533


Last Updated: 27 May 2016 10:41:39